PM87710: DFHWB0732 MESSAGE IS ISSUED BECAUSE THE SSL HANDSHAKE HAS FAILED WITH GSK_ERR_CONNECTION_CLOSED

A fix is available

Subscribe

You can track all active APARs for this component.

APAR status

Closed as program error.

Error description

You are receiving many DFHWB0732 messages.
DFHWB0732 CWXN CICS WEB ATTACH PROCESSING ENCOUNTERED A
SOCKETS I/O ERROR WHILE RECEIVING A CLIENT REQUEST.
HOST IP ADDRESS: xxx.xxx.xxx.xxx
CLIENT IP ADDRESS: yyy.yyy.yyy.yyy
TCPIPSERVICE: zzzzzzz
.
The trace shows the following exception entry:
SYSTEM_SSL_ERROR
GSK_RESPONSE(GSK_ERR_CONNECTION_CLOSED)
FUNCTION(SECURE_SOC_INIT) RESPONSE(EXCEPTION)
REASON(CONNECTION_CLOSED)
GSK_RETURN_CODE(1B5)CIPHER_SELECTED()
.
Further analysis, found that DFHSOSE only has code to detect
GSK_ERR_SOCKET_CLOSED and return as a connection_closed
response. All other errors get returned as handshake_error
which is just a generic io_error by the time the call returns
to DFHWBXN. This causes the DFHWB0732. If
GSK_ERR_CONNECTION_CLOSED is handled in the same way as
GSK_ERR_SOCKET_CLOSED. This will eliminate the DFHWB0732
message. Additional Symptoms and Keywords: KIXREVxxx

Local fix

Problem summary

****************************************************************
* USERS AFFECTED: All. *
****************************************************************
* PROBLEM DESCRIPTION: DFHWB0732 when an SSL TCPIP connection *
* is unexpectedly closed during handshake *
****************************************************************
* RECOMMENDATION: *
****************************************************************
A request is received on an HTTP SSL TCP/IP service. The
requestor immediately closes the connection before the SSL
handshake can complete. The receive issued by the SSL handshake
process gets a reason of connection_closed with a
gsk_return_code of gsk_err_connection_closed. This reason code
is not handled so the default handshake_error is returned.
This in turn causes message DFHWB0732 to be issued.
Additional keywords: WB0732 MSGDFHWB0732 HTTPS

Problem conclusion

DFHSOSE has been changed in routine sose_call_secure_soc_init
to check for reason code sose_connection_closed with a
sose_gsk_return_code of gsk_err_connection_closed and if found,
return that instead of the default handshake_error.